entropyxyz / entropy-core

Protocol and cryptography development.
https://docs.entropy.xyz/
GNU Affero General Public License v3.0
11 stars 2 forks source link

Signer changing TSS account #1072

Open JesseAbram opened 1 month ago

JesseAbram commented 1 month ago

Currently there is a btree map for tss_account as the key when signing in synedrion. There is also a way for a TSS to change their TSS account . If they are a signer and do this, this will break signing with them. This can be fixed if everyone updates their TSS key for them. Either a pre lookup to get their tss key and check and change them in the key share before signing if this is possible @fjarri , if so that is cheap and can happen wtv. If not then maybe a reshare triggered with a new TSS...... or the same one but if they do it too much then maybe slash @HCastano

ameba23 commented 1 month ago

The problem with changing the account id in the keyshare, is that all other keyshares in the set have a list of the other party ids - so we would have to change it in all the keyshares.

The other problem is that if a validator wants to change their TSS account ID because they are moving the physical location of where their TS server is run, they would anyway have no way of bringing the keyshare with them.

I think the simplest solution would be to not allow chainging TSS account ID whilst being a signer.

Another option would be that changing TSS account ID triggers a reshare, replacing the keyshare associated with the old TS account with the new one.

JesseAbram commented 1 month ago

yes both those are options, however, why can't before sign I do a lookup of all signers on the chain, get their TSS accounts, check it against the TSS accounts in the keyshare, and replace the ones that are not there with the new ones?